The Increasing Imperative for State and Local Government Data Security

Category

Intelligence

January 30, 2013By SecureWorks

A recent article in USA Today uncovers a stark reality - as state and local government agencies extend their online payment capabilities, basic security protections have not kept pace with the growth in data exchange, and the vulnerabilities that accompany that growth.

The article outlines a well-publicized breach at the South Carolina Department of Revenue's data system, which subsequently exposed 3.6 million social security numbers, along with 387,000 stolen credit card numbers. With a black market value for social security and credit card numbers at roughly $3 apiece, the breach could have potentially netted the hackers a whopping $12 million on a good day.

In the case of South Carolina, officials noted that even three months after the breach, they "do not know the exact state of cybersecurity at all agencies." The breach was noted as "a good example of how fragmented our state data-security system is," according to House Majority Leader Bruce Bannister, from Greenville, SC.

And a critical first step toward this goal is gaining situational awareness - meaning visibility into where data resides, and visibility into what the real risks are that the organization faces. Developing an effective and efficient defense against attacks, from both insiders and outsiders, also requires that the organization be aware of where their device endpoints are.

Although the solutions are out there, a lot of the necessary strengthening of security posture should come in the form of comprehensive changes, which also includes cyber-security awareness training, and an entity to enforce security policies. In many cases, a top-down approach is the only way to effect change.